Skip to content

🔧 add context7 integration configuration #9

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
gimlichael merged 1 commit into from
Jun 3, 2026
Merged

🔧 add context7 integration configuration #9

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .docfx/docfx.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@
],
"globalMetadata": {
"_appTitle": "Extensions for Carter by Codebelt",
"_appFooter": "<span>Generated by <strong>DocFX</strong>. Copyright 2026 Geekle. All rights reserved.</span>",
"_appFooter": "<span>Generated by <strong>DocFX</strong>. Copyright 2026 Geekle. All rights reserved.</span><script async src=\"https://context7.com/widget.js\" data-library=\"/codebeltnet/carter\"></script>",

@greptile-apps greptile-apps Bot Jun 3, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Missing Subresource Integrity (SRI) hash on third-party script

The widget.js script is loaded from context7.com without an SRI integrity attribute. If the CDN is ever compromised or the file is silently changed, the altered script would execute on every documentation page with no browser-side validation. Adding integrity="sha384-..." and crossorigin="anonymous" pins the script to a known hash and lets browsers reject unexpected content. You can generate the hash with openssl dgst -sha384 -binary widget.js | openssl base64 -A against the current file.

Prompt To Fix With AI 
This is a comment left during a code review.
Path: .docfx/docfx.json
Line: 54

Comment:
**Missing Subresource Integrity (SRI) hash on third-party script**

The `widget.js` script is loaded from `context7.com` without an SRI `integrity` attribute. If the CDN is ever compromised or the file is silently changed, the altered script would execute on every documentation page with no browser-side validation. Adding `integrity="sha384-..."` and `crossorigin="anonymous"` pins the script to a known hash and lets browsers reject unexpected content. You can generate the hash with `openssl dgst -sha384 -binary widget.js | openssl base64 -A` against the current file.

How can I resolve this? If you propose a fix, please make it concise.

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

"_appLogoPath": "images/50x50.png",
"_appFaviconPath": "images/favicon.ico",
"_googleAnalyticsTagId": "G-GGL98GEYWE",
Expand Down
4 changes: 4 additions & 0 deletions context7.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
{
"url": "https://context7.com/codebeltnet/carter",
"public_key": "pk_ZYmd0ipMJCtW5NudkKPxA"
}
Loading